I track people who are disrupting the world of mobile technology. Non-conformists, innovators and agitators are this blog's unsung heroes, from entrepreneurs to scientists, to rebellious hackers. I'm the author of "We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency", (Little Brown, 2012) which The New York Times called a "lively, startling book that reads as 'The Social Network' for group hackers." I recently relocated to Forbes' San Francisco office, and was previously Forbes' London bureau chief from 2008-12, interviewing British billionaires like Philip Green and controversial figures like Mohammed Al Fayed; I wrote last year's billionaires cover story on Russia's Yuri Milner, and have broken stories like the Facebook-Spotify partnership in 2011. Before all this I had stints at the BBC and as a radio journalist. You can watch me on 'The Daily Show' here. If you have a story idea or tip, e-mail me at polson@forbes.com or follow me on Twitter: parmy.

FBI Agent's Laptop 'Hacked' To Grab 12 Million Apple IDs - UPDATED

FBI special agent Christopher Stangl as he appeared in a video calling on hackers to join the federal agency.

UPDATE Sept. 11, 12:20 GMT: Following the FBI’s denials that an agent’s laptop was breached to grab 12 million Apple UDIDs, a small app publisher in Florida has confirmed that it was the source of the device identifiers. The CEO of Blue Toad said his company had reported the breach, which reportedly occurred in the last two weeks, to law enforcement. “We’re pretty apologetic to the people who relied on us to keep this information secure,” Chief Executive Paul Hart told NBC. Read the full story and its privacy implications here. As for Anonymous, the revelation could mark a new dent in the network’s credibility, despite its already-solid reputation for “trolling” via networks like 4chan and Twitter. Organizers have said on Twitter that “There is still no evidence. Stay tuned,” but the appearance of lying in their earlier press release will make any future leaks by the subversive network much harder for anyone to believe.

UPDATE Sept. 4, 21:50 GMT: The FBI has denied that it ever had the 12 million Apple IDs in question: “Statement soon on reports that one of our laptops with personal info was hacked,” it said on Twitter. “We never had info in question. Bottom Line: TOTALLY FALSE.” It also said in an emailed statement: “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

UPDATE Sept. 4, 19:00 GMT: There is some speculation that an app developer, not Apple, released the dataset of 12 million device IDs to the FBI. Marco Arment of Instapaper writes on his blog that, “all of this information could have been collected from an app transmitting data to a server… This is exactly the information that an ad network would want to collect. Apple and the carriers probably weren’t involved at all.” He adds that the “popular and free AllClear ID app, related to NCFTA, is a likely culprit,” given the name of the dataset stolen by hackers (see below).

An AllClear spokeswoman denied the company’s involvement, saying, “AllClear ID does not collect, nor has it ever collected, UDIDs. We have determined this incident is not linked to AllClear ID.”

The NCFTA, or National Cyber Forensics and Training Alliance, is a non-profit partner with the FBI whose legal arrangement with the government allows it to hand over information to the FBI. Forbes privacy writer Kashmir Hill writes that NCFTA is not allowed to share names or addresses of people affiliated with the scheme. AllClear ID is a free iOS app that aims to protect a user’s identity from fraud.

The inclusion of “Push Notification Tokens” in the data leak was another reason to believe the data had come from an app developer. Apple’s Push Notification Service can decrypt these tokens using a key, according to its site for developers. This means that if an app developer (or developers) leaked the data, Apple could potentially identify them.

UPDATE Sept. 4, 17:50 GMT: Anonymous / Antisec supporters have posted a sample of 100 Apple mobile device identifiers from the breach, in plain text, viewable here. The data is in four columns: 1) the Apple unique device identifier (UDID), 2) the Apple Push Notification Service DevToken, 3) the device name and 4) the device type. They say it lists the top 50 and bottom 50 UDIDs in the dataset. One source from Anonymous says supporters are currently working on uploading the full, unencrypted dataset of 1 million UDIDs to the web, as well as a searchable database.

———–

Three years ago special agent Christopher Stangl appeared in a video calling on people with computer science degrees to join the Federal Bureau of Investigation, saying they were needed “more than ever.” Last night, hackers with the subversive online networks Anonymous and Antisec answered that call with nothing short of irreverence: they published what they claimed were more than 1 million unique device identifier numbers (UDIDs) for Apple devices, stolen from Stangl’s own laptop.

In total, the hackers say they were able to steal more than 12 million of these strings of numbers and letters, but, “we decided a million would be enough to release.” They announced the hack through the widely watched Twitter feed @AnonymousIRC last night.

Forbes cyber security reporter Andy Greenberg has downloaded the encrypted file posted by Anonymous containing the identifiers, and decrypted it. “It does seem to be an enormous list of 40-character strings made up of numbers and the letters A through F, just like Apple UDIDs,” he reports. The data is being analyzed by cyber security research firms like Denmark’s CSIS, whose specialist Peter Kruse tweeted earlier today that three of his devices were in the leaked data.


They should be banned from making the infamous “no comment statement” – they have something to say! Might be why the info was released in the first place. The FBI is always doing something they aren’t supposed to, then the public finds out and we have to create a law preventing them from overstepping their boundaries.

The name of the file is quite revealing – ‘NCFTA_iOS_devices_intel.csv’. The NCFTA (National Cyber-Forensics & Training Alliance) is a workaround allowing companies to give info to the FBI without the passing of CISPA. It stands to reason that Apple willingly gave this info to the FBI.

Thanks for the article. By itself it may seem like just a hacking article. Put it alongside other seemingly unrelated stories and it can take on a whole new meaning. FBI probably will not comment until they have a story in place that doesn’t put in jeopardy current operations involving this data.